« List of all CVEs

CVE-2025-4598

Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

Published: 5/30/2025 Last updated: 6/2/2026 Reserved: 5/12/2025

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4.7 Medium CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Opam packages affected (31)

albatross cdrom conf-bpftool conf-libbpf conf-libudev conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ocaml-systemd ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (35)

Product Vendor Version
Red Hat Discovery 2 Red Hat APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130
Red Hat Discovery 2 Red Hat all versions as of 2019-04-03
Red Hat Discovery 2 Red Hat 6.3.7
Red Hat Discovery 2 Red Hat 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
Red Hat Insights proxy 1.5 Red Hat 5.0
Red Hat Insights proxy 1.5 Red Hat 11
Red Hat Enterprise Linux 7 Red Hat 6.0
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat 6.0.1
Red Hat Enterprise Linux 7 Red Hat 6.0
Red Hat Enterprise Linux 10 Red Hat 6.4.1
Red Hat Ceph Storage 7 Red Hat n/a
Red Hat Ceph Storage 7 Red Hat 6.3.6
Red Hat Ceph Storage 8 Red Hat n/a
Red Hat Ceph Storage 8 Red Hat < 2.5.2-3.26.1
Red Hat Ceph Storage 8 Red Hat < 10.0.26100.6584
Red Hat Ceph Storage 8 Red Hat 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems
Red Hat OpenShift Container Platform 4 Red Hat < 6.1.7601.27929
Red Hat OpenShift Container Platform 4 Red Hat < 2.5.2-lp151.2.9.1
Red Hat Enterprise Linux 10 Red Hat < 2.5.2-3.26.1
Red Hat Enterprise Linux 10 Red Hat n/a
Red Hat OpenShift Container Platform 4 Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat 9.2.0.9297
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat 5.02
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 6.4.2
Red Hat OpenShift Container Platform 4 Red Hat 6.0.2
Red Hat Enterprise Linux 10 Red Hat 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2
Red Hat Enterprise Linux 9 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
< 10.0.26100.6584
5.01

References (38)